jclar
Staff
Article Id 295064
Description This article demonstrates how to enable DTLS in an AWS environment.
Scope AWS FortiGate.
Solution

Consider the following example scenario:

A customer must enable DTLS for their SSL VPN connection. DTLS is already enabled on the FortiGate side, but packet captures and debug logs show that the VPN traffic is still passing over TLS (TCP) rather than DTLS (UDP).

Below is the packet capture on the test machine. As shown, only 'Client Hello' packets are observed: the client keeps sending DTLS Client Hello datagrams and never sees a reply from the FortiGate.

[Screenshot: TestMachineDTLSClientHello.png]

However, on the FortiGate side, no DTLS packet is received at all, so the UDP datagrams are being dropped before they reach the FortiGate interface:

[Screenshot: FortigateNoDTLS.png]

To resolve this, the custom UDP port used by SSL VPN must be allowed on the AWS side (for example, in the inbound rules of the security group attached to the FortiGate instance) in addition to the existing TCP rule; a rule that opens the port for TCP does not open it for UDP.

[Screenshot: AWSConfigChange.png]

After making the change, two-way DTLS traffic can be observed:

  • Test machine:

[Screenshot: TestMachineDTLSWorking.png]

  • FortiGate:

[Screenshot: FortigateDTLSWorking.png]
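The two checks behind this troubleshooting, as an added example that is not Fortinet's code or part of the original article: the first classifies a capture as one-way (Client Hello only, the symptom above) or two-way DTLS, the second checks whether an AWS security group's inbound rules actually cover UDP on the SSL VPN port and, if not, returns the rule to add. The capture lines are constructed in a simplified tcpdump-like format, the rule lists mimic the shape of the IpPermissions field returned by `aws ec2 describe-security-groups`, and VPN_PORT (10443) is an assumed placeholder for the article's custom port.

```python
"""Two checks for the one-way DTLS symptom described in this article.

Added example, not Fortinet's code. The capture lines and security-group
rules are constructed to mimic the shape of tcpdump output and of the
IpPermissions list returned by `aws ec2 describe-security-groups`;
VPN_PORT is an assumed placeholder for the article's custom UDP port.
"""
import re
from collections import Counter

VPN_PORT = 10443  # assumed: the SSL VPN listening port (TCP, and UDP for DTLS)

# Constructed capture, failing case: the client retransmits Client Hello
# because the UDP datagrams never reach the FortiGate.
CAPTURE_ONE_WAY = """\
10.0.1.25.54321 > 203.0.113.10.10443: UDP DTLSv1.2 Client Hello
10.0.1.25.54321 > 203.0.113.10.10443: UDP DTLSv1.2 Client Hello
10.0.1.25.54321 > 203.0.113.10.10443: UDP DTLSv1.2 Client Hello
"""

# Constructed capture, working case: the FortiGate answers and the handshake proceeds.
CAPTURE_WORKING = """\
10.0.1.25.54321 > 203.0.113.10.10443: UDP DTLSv1.2 Client Hello
203.0.113.10.10443 > 10.0.1.25.54321: UDP DTLSv1.2 Hello Verify Request
10.0.1.25.54321 > 203.0.113.10.10443: UDP DTLSv1.2 Client Hello
203.0.113.10.10443 > 10.0.1.25.54321: UDP DTLSv1.2 Server Hello
"""

# One packet per line: "src.sport > dst.dport: UDP <message>"
LINE_RE = re.compile(
    r"^(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): UDP (?P<msg>.+)$"
)


def dtls_handshake_status(capture, vpn_port=VPN_PORT):
    """Classify a capture as 'no-dtls', 'no-reply' or 'two-way'.

    Returns the Client Hello count, the number of datagrams the VPN port
    sent back, the verdict and a hint on where to look next.
    """
    client_hellos = 0
    replies = Counter()
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the expected one-packet format
        if int(m["dport"]) == vpn_port and "Client Hello" in m["msg"]:
            client_hellos += 1
        elif int(m["sport"]) == vpn_port:
            replies[m["msg"]] += 1

    if client_hellos == 0:
        verdict = "no-dtls"
        hint = "client never attempted DTLS; check the client and FortiGate DTLS settings"
    elif not replies:
        verdict = "no-reply"
        hint = f"nothing comes back from UDP/{vpn_port}; allow inbound UDP/{vpn_port} on the AWS side"
    else:
        verdict = "two-way"
        hint = "DTLS handshake is proceeding in both directions"
    return {
        "client_hellos": client_hellos,
        "replies": sum(replies.values()),
        "verdict": verdict,
        "hint": hint,
    }


def udp_port_allowed(ip_permissions, port):
    """True if any inbound rule (AWS IpPermissions shape) covers UDP on `port`."""
    for rule in ip_permissions:
        proto = rule.get("IpProtocol")
        if proto == "-1":  # an "all traffic" rule carries no port range
            return True
        if proto != "udp":
            continue  # a TCP rule on the same port does nothing for DTLS
        if rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            return True
    return False


def udp_rule_to_add(ip_permissions, port, cidr="0.0.0.0/0"):
    """The missing inbound UDP rule in IpPermissions shape, or None if already present."""
    if udp_port_allowed(ip_permissions, port):
        return None
    return {"IpProtocol": "udp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}


# Constructed security group: TCP only, the state before the article's fix.
SG_BEFORE = [
    {"IpProtocol": "tcp", "FromPort": VPN_PORT, "ToPort": VPN_PORT,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
# The state after adding the UDP rule.
SG_AFTER = SG_BEFORE + [udp_rule_to_add(SG_BEFORE, VPN_PORT)]

if __name__ == "__main__":
    for name, cap in (("one-way", CAPTURE_ONE_WAY), ("working", CAPTURE_WORKING)):
        print(name, dtls_handshake_status(cap))
    print("UDP allowed before fix:", udp_port_allowed(SG_BEFORE, VPN_PORT))
    print("rule to add:", udp_rule_to_add(SG_BEFORE, VPN_PORT))
    print("UDP allowed after fix:", udp_port_allowed(SG_AFTER, VPN_PORT))
```

Run it as-is to see the "no-reply" verdict for the one-way capture and the UDP rule the security group is missing; to use it on a real case, feed `dtls_handshake_status` a capture converted to the one-packet-per-line format above and `udp_port_allowed` the IpPermissions list of the security group attached to the FortiGate instance, with the port set to the SSL VPN listening port.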

See Enable DTLS on FortiGate - FortiGate documentation for a general guide on how to enable DTLS on FortiGate.
